Month: August 2018

As we wind our way through hurricane season this year, and this Saturday marks the beginning of National Preparedness Month, we need to think about citizen safety and education. If there’s one thing that gets under my skin, it’s the manipulation of people’s feelings under the guise and banner of “Public Safety.” I believe that many take advantage of the limited knowledge that constituents have around public safety networks, and capabilities.

Why does this happen? Simple, unrealistic television. While I know that I sound my age when I say something like that, it is true. Our environment today is a visual one. Since Stanley Kubrick’s “2001: A Space Odyssey”, Hollywood has taught us that if we can dream it, it will come, although it may take a few years. Instead of HAL, we have Siri, Alexa, and a whole host of smaller players that we interact with on a daily basis. Quite often, it surprises me at the length and amount of energy we expel trying to do a simple task. Just this week, a colleague of mine was having trouble with her vehicle automation turning on the air conditioning. She diligently tried six or seven times, and I’m thinking, “you know, you can just press that button right there?” Despite whatever the problem was, she was persistent, and the air conditioning came on, and I could feel her sense of pride, proving that she had the ability of mastering technology.

Lisa is a smart person. She knew she could figure it out, and she wasn’t going to give up without a fight. Lisa is a smart person. She understands technology and knew that something was wrong and that she had to correct. Lisa is a smart person, and she was determined to show off her technical prowess to her colleague that she rarely gets to see in person. For myself, I already know Lisa’s a smart person, so I sat back and mentally critiqued her troubleshooting skills. Guess what? She passed.

That’s a long way to go to make a point that’s critical, and the purpose of this blog. While Lisa was smart and determination drove her to correct her temporary issue, when it comes to legislation and budgets and funding in the actual legislative process in a state, most people (myself included) never really paid attention to that day in high school. Also, we tend to sit back and let things happen. The risk that we run by doing that is that we end up with situations like the state of New Jersey diverting $2 billion over 14 years, which works out to be just over $391,000 EACH AND EVERY DAY. We also end up with situations as we have in California that just recently emerged. The California SETNA fund (State Emergency Telephone Number Account), is a fund based on collecting a small amount from each telephone number bill. That collection occurs on landline devices only and has been reduced by almost 40% over the last 10 years due to the migration of landlines to cellular phones, and voice over IP telephones.

To correct the issue, Gov. Jerry Brown has a plan to bring together State Bill 870 and Assembly Bill 1836, pending approval from two-thirds of the California legislature. This new bill establishes a flat rate on every access line that can utilize the 911 system, and provide for a monthly collection of between $0.20 to $0.80 per line. The fee would begin January 1 of 2019 and is expected to raise $138 million during its first year of operation. Not only would this money support the legacy network, but it would fund Next Generation 911 services for the state.

While this plan does have broad support, some naysayers are holding up this critical legislation in the legal process. They refer to a $9 billion surplus that the state currently has, and wants the money to come from there. While that seems like a plausible solution, the Gov.’s Office of Emergency Services issued a statement stating that “there is a significant danger in tying the future of the 911 system to a budget surplus that we have in 2018 and 2019. The legislation will last for another 25 years. What if we are flush this year and not next year?”

It’s a great argument. However, instead of arguing about “who gets the surplus?”, Why not figure out what’s wrong with the budget that gave you $9 billion in surplus, to start? Maybe a more palatable solution would be to pass a bill that would perpetually fund a 911 network and enhancements. These new laws need to modernize where and how we collect fees from all access lines. Finally, if you feel it is worthy, make a one-time cash donation from your “surplus,” and kick this project off to save lives, and therefore making a difference. While you’re doing that, you can get rid of your current accountant, who doesn’t have the ability budget well, in return for one that does.

While this may seem to be a California problem, it is not. Every citizen, every constituent, every voter needs to express their opinion. It’s how the system works, and it’s how things get changed but go awry. It is not by any means, a perfect world. However, we can do a better job of managing our life-safety services.

To tie this back around with the original paragraph of this blog, while you’re thinking about preparedness for September, make sure you have an emergency services network in place that can respond to your request for help. It seems that may be pretty high on the list of “being prepared.”

911 $ERVICE FEE$

They exist on your telephone bill;
They are typically only a few dollars a month;
Most people pay them without question;
And it seems no one knows where the money actually goes.

ANSWER: Apparently it is NOT 911!

This is where the problem lies. The reason behind this is that for at least the past decade, Public Safety has been wrestling with the adoption of Next Generation 911 services. The main reason given as the blocking factor is funding. Estimates have been given regarding the cost of the new National NG911 Network. Most State agencies will spin tales of woe about the hundreds of millions, and even billions of dollars that NG 911 will ultimately require to update the existing infrastructure to one that is capable of communicating using the new modalities that make up the way we interact with each other today. Not only will this need to include things like video, text, and additional modalities yet to be developed, but the existing infrastructure needs to be REPLACED to effect this change.

Unfortunately, the existing legacy networks cannot be”upgraded.” While you can call it an upgrade, in actuality, it’s a technology forklift, and many are afraid to come out and openly admit that. Cost is one factor. An ‘upgrade’ sounds more affordable than ‘forklift’ and a solution that sounds more affordable. One must ask, though, “is money really the issue?” While many will say,”yes”, there are several examples to the contrary.

Let’s take my home state of New Jersey, an example. Recent reports, backed by FCC Commissioner Mike O’Reilly and Rep. Leonard Lance, (R-7th), claim since 2004, the State of New Jersey has “diverted” nearly $2 billion in 911 fees charged to phone users. These fees were earmarked for improvements to the state’s 911 call centers and could have been used to migrate to NG911. That’s right,$2 billionIs missing over the last 14 years in New Jersey. For this, the State loses the moniker of “The Garden State” and I will now refer to New Jersey as,”The Diversion State”.

When large numbers (like $2,000,000,000) are thrown around, I believe that they lose their impact on people. After all, $2 billion really doesn’t seem that bad, but when you do some basic math, the impact of $2 billion becomes quite staggering.

Let’s assume that 14 years is about 5113 days. If you were tasked with spending $2 billion over that span of 14 years, your daily outflow of cash would be nearly $400,000 a day, Actually, the exact number would be $391,159.79 – PER DAY. This $400,000 PER DAY is the amount of money that has gone MISSING in New Jersey for the past 14 years. The money is from fees that were collected in order to provide life safety services and the E911 Network but then subsequently diverted for some other purpose.

In all fairness, many STates have laws on the books that require a balanced budget, and if there is a surplus in any fund, it can be redirected to balance the budget. But to continue to the practice of charging excessive amounts to operate the network, then sweep the use of those funds under the rug, becomes a practice that is highly suspect and questionable

FCC Commissioner Michael O’Reilly is similarly upset, and publicly vocal, with this practice. I have a deep respect for Commissioner O’Reilly, mainly because he says what’s on his mind and if something is not right, he will not remain silent. Case in point, when I was promoting Kari’s Law, the Commissioner questioned if the FCC itself was compliant with direct access to 911, and when he tested it, he found that it was not. In his blog post, he questioned why his very own agency was not compliant on an issue that they were actually promoting. While embarrassing to this Federal agency, it did highlight a problem that needed to be fixed, and after a few months, it was.

The Commissioner also feels very strong about fund diversion practices, that have been going on for such a long time. Recently Rhode Island was found to be diverting money to its general fund, and in NJ, he commented that if states such as New Jersey were regulated by his agency “and you did what’s happening here, we would have sent you to the Department of Justice for criminal prosecution.” He also referred to the practice as “unconscionable.” Kudos Mike!

During the TFOPA sessions, the Commissioner questioned why the US has over 6,100 individual 911 centers, when this technology could be virtualized and run out of just a few super-centers, providing the latest and greatest technology to the 150 seat PSAP that serves NYC, down to the small 2 seat PSAP that serves Ogdensburg, NJ. This would not even require physical consolidation of people and equipment. Similar to many workers today, dispatchers and Call Takers could remain in regional or local facilities and then connect through various technologies commonly available for networking.

How Many 9’s is Your Network?

While Public Safety is absolutely a critical life safety network that needs the ultimate in resiliency, and reliability, when I see 911 networks go down for hours and days due to a single fiber cut, I have to ask “Who designed that single point if failure?” The next conversation is usually about money and the lack of funding.

This is what gets me fired up. Don’t cry to me that you are too poor to buy the latest and greatest when you DIVERT nearly $400,000.00 each day that is collected for 911 but spent elsewhere. Don’t claim you cannot afford the technology to save lives when $16,000.00 an HOUR are wasted elsewhere, and while you are at it, tell the people who have lost a loved one due to short staffing of a center, or cellular technology that get a pizza to me anywhere on the planet in 30 minutes, but cannot locate a 911 caller, when states are squandering over $260 EACH MINUTE.

Think about it, just in the 7 minutes it took you to read this blog, nearly 3200 calls to 911 occurred in the US, and in New Jersey alone, almost $2,000 of 911 Tax Fees was pilfered from 911 budgets.

Like any other Sunday morning when I’m not traveling, I park myself at my local luncheonette; grab my big Avaya mug from the wall behind the counter, and stick on my headphones. I Then immerse myself into the weeks technology tweets and blogs from the people I respect the most in the industry.

Evan Kirstel is one individual that never ceases to amaze me, either with inspiring tweets of his own, or something worthy of his RT, and likely worth reading. Today, a particular article he posted caught my eye. It appears that a D-Link DNS hack has become problematic where Hackers modify the router DNS to their own nefarious DNS look-alike. By doing this, any requests made for the IP address of someone’s bank, for example, would return a spoofed address of the hackers look alike bank site. Unsuspecting users would then login with their normal credentials, which would be collected by the hackers and then used later to drain accounts.

The security exploit here, is that the person is relying on information from one location, the DNS entry in the D-Link Router. it assumes that the IP Address of the DNS server provisioned is valid and authenticated, which in fact is not. This immediately struck me as a classic use case for blockchain, and an excellent way to explain it to those who may not understand.

As it was explained to me, blockchain is an architecture that stores data in multiple locations (or blocks) across the Internet. The actual data in the block itself is irrelevant. In fact, it is the container of that data that is tagged with an identifier unique to that block of data. In addition, the identifier is changed each time the contents of the container is modified, and this identifier is replicated everywhere the data is stored across the internet. When a user retrieves a specific block of data, they can then compare the identifier of the container with the other containers of the information. Should there be a mismatch in the identifier, it becomes immediately apparent that the data is not current, or valid. So, while it may be possible, or even easy to hack a particular container, replicating that to every other instance of the container would be nearly impossible. The more secure the data needs to be, the more container instances would exist, making it near impossible without quantum computing power and many say even that would be questionable.

This makes the value proposition here quite simple. If I’m going to hack your data, I need to hack every instance of your data, or you will know that the proverbial “seal has been broken”. It would be clear to all that the data has been tampered with without actually seeing the data, which ensures privacy. Knowing this, let’s go back to our DNS hack example.

When your router establishes an online connection, the router obtains its IP address, subnet mask, default Gateway, and DNS server information via DHCP. To ensure that DNS has not been hacked and spoofed, with a nefarious spoofed server address, it would be a simple matter of inspecting the blockchain identifier on the DNS data coming in, and also when the contents have changed. This will confirm if the blockchain address is valid as compared to other known data sources.

If a hacker managed to attack your router and modify the DNS IP address entry, it would be immediately known and could be flagged as an insecure source of data. That being said, please remember this was intended to be just an example to illustrate how blockchain could be used in a very simple environment. As you evaluate new infrastructure and architecture, don’t ignore the block chain value proposition built within products. Understand what they have, where the manufacturer is going from a roadmap perspective, and what could be used to lock down your data in this ever-changing, and fast-moving Internet of Everything.

To bring this full circle back into my Public Safety practice, Next Generation 911 networks will be chock-full of data and information from various sources. Protecting our critical life safety systems on the backend will be a challenge. At the same time, we can no longer lock these systems away in the back room away from the data that’s needed to evaluate situational awareness that will ultimately save lives. I believe blockchain will play a significant role in the validation of that data, and the architecture that will allow good data to flow from the people who have it to the people who needed, while protecting those first responders from attacks by those looking to circumvent, and infect the system.

The lesson here is not only is guarded diligence. Understanding networks is critical in building our NG911 environment, but a specific eye on public safety security best practices is paramount. I’d love to hear your thoughts on the matter, and what you perceive as suggestions and fears for the future.